Back to skill
Skillv0.1.0
VirusTotal security
Ai Pair · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:38 AM
- Hash
- 86eaaf0effd0369fe91748bee71c784c4932e0321998aa0995f30b383ca0d5db
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-pair Version: 0.1.0 The skill explicitly instructs the AI to launch sub-agents using `mode: "bypassPermissions"` in SKILL.md, which grants them high-privilege access to execute shell commands and read files without per-action user consent. While this is justified as necessary for interacting with external CLIs (`codex` and `gemini`), it significantly increases the risk of unintended command execution or data access if the agent processes malicious project files. No evidence of intentional malice or data exfiltration was found.
- External report
- View on VirusTotal